PublicDateAtUSN: 2021-04-23 18:15:00 UTC
Candidate: CVE-2021-22204
PublicDate: 2021-04-23 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204
 https://bugs.launchpad.net/bugs/1925985
 https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
 https://hackerone.com/reports/1154542
 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json
 https://ubuntu.com/security/notices/USN-4987-1
Description:
 Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987505
 https://bugs.launchpad.net/bugs/1925985
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_libimage-exiftool-perl:
upstream_libimage-exiftool-perl: released (12.16+dfsg-2)
precise/esm_libimage-exiftool-perl: DNE
trusty_libimage-exiftool-perl: ignored (out of standard support)
trusty/esm_libimage-exiftool-perl: DNE
xenial_libimage-exiftool-perl: ignored (end of standard support, was needs-triage)
bionic_libimage-exiftool-perl: released (10.80-1ubuntu0.1)
focal_libimage-exiftool-perl: released (11.88-1ubuntu0.1)
groovy_libimage-exiftool-perl: released (12.05-1ubuntu0.1)
hirsute_libimage-exiftool-perl: released (12.16+dfsg-1ubuntu0.1)
impish_libimage-exiftool-perl: not-affected (12.16+dfsg-2)
jammy_libimage-exiftool-perl: not-affected (12.16+dfsg-2)
devel_libimage-exiftool-perl: not-affected (12.16+dfsg-2)